LGPD, GDPR, and CCPA: One Tool for All Three

If your company serves users in Brazil, the EU, and California, you need to satisfy three different privacy laws. LGPD and GDPR share the same opt-in model. CCPA uses opt-out. CookieFácil applies the strictest rule globally — one installation, all three covered.

Do you need to comply with LGPD, GDPR, and CCPA separately?

Yes — if you have users in all three jurisdictions. LGPD applies to Brazilian residents, GDPR to EU residents, and CCPA to California residents. Each law applies based on where the user is located, not where your company is based. If you serve global traffic, all three may apply simultaneously.

In practice, a single LGPD/GDPR-compliant opt-in setup covers the strictest requirements for all three. LGPD and GDPR require opt-in before scripts fire — which already exceeds CCPA's opt-out model. One implementation satisfies all three.

[Image: LGPD vs GDPR vs CCPA, a shield comparing three privacy laws: LGPD (Lei 13.709/2018, Brazil), GDPR (EU), and CCPA (California Consumer Privacy Act), with opt-in required for LGPD/GDPR and opt-out for CCPA]

LGPD, GDPR, and CCPA — at a glance

The three major privacy laws share common principles but differ in consent model, enforcement, and scope.

| Requirement | LGPD (Brazil) | GDPR (European Union) | CCPA/CPRA (California, USA) |
|---|---|---|---|
| Consent model | Opt-in | Opt-in | Opt-out |
| Script blocking required | Yes | Yes | No |
| Cookie banner required | Yes (ANPD) | Yes (ePrivacy) | Yes (CPPA) |
| Consent withdrawal | 1-click | 1-click | 1-click |
| Max fine | R$ 50M / 2% BR revenue | €20M / 4% global revenue | $7,500 per violation |
| Enforcement authority | ANPD | National DPAs | CPPA |
| CookieFácil support | Full | Full | Partial |

How CookieFácil handles all three

One script tag. One dashboard. Three regulations covered.

LGPD — full coverage

Script blocking before consent, equal-weight buttons, ANPD-compliant consent logs, Google Consent Mode v2. Built for the Brazilian market first.

  • MutationObserver script blocking
  • Tamper-proof ANPD-compliant logs
  • Google Consent Mode v2 automatic

GDPR — full coverage

Same opt-in model as LGPD. ePrivacy-compliant banner with granular categories. Consent logs satisfy EU DPA audit requirements alongside ANPD requirements.

  • Granular category controls
  • EU DPA-compatible consent records
  • No separate GDPR configuration needed

CCPA — partial coverage

The LGPD opt-in model exceeds CCPA's opt-out requirement for California visitors. Consent log satisfies CPPA documentation. Full GPC signal support on the roadmap.

  • Opt-in exceeds CCPA requirement
  • CPPA-compatible consent records
  • GPC signal support: roadmap

Choose the right plan for your business

Start free and scale as your consent volume grows. Billed in BRL — no credit card required to start.

Free

Start collecting consent records


  • 1 site · 1,000 visitors/month

  • Cookie consent banner — LGPD + GDPR ready

  • Basic consent reports

Most Popular

Basic

For growing businesses


  • 2 sites · 5,000 visitors/month

  • CSV export of consent records

  • Remove CookieFácil branding


Professional

For multiple sites and agencies


  • 5 sites · 50,000 visitors/month

  • CSV + PDF + advanced reports

  • Custom CSS and geo-targeting rules


Frequently asked questions

  • Do I need to comply with LGPD, GDPR, and CCPA separately?

    If your website serves users from Brazil, the EU, and California, yes — each law applies to visitors from that jurisdiction. In practice, LGPD and GDPR share the same opt-in model, so a single LGPD-compliant setup satisfies both. CCPA uses opt-out, but LGPD's opt-in exceeds what CCPA requires for California users.

  • Which privacy law is strictest — LGPD, GDPR, or CCPA?

    LGPD and GDPR tie on consent strictness — both require opt-in before non-essential scripts fire. CCPA is least strict on consent (opt-out model). GDPR has the highest maximum fine (€20M or 4% global revenue). Complying with LGPD + GDPR covers the stricter requirements; CCPA is automatically satisfied by the opt-in model.

  • What is the cheapest way to comply with all three privacy laws?

    Use a single CMP that handles all three. CookieFácil's free plan covers up to 5,000 monthly consent interactions across LGPD, GDPR, and CCPA from one installation. Paid plans start at R$ 29/month (billed in BRL). Enterprise tools like OneTrust charge $100+/month for multi-regulation coverage.

  • Does Google Consent Mode v2 work across LGPD, GDPR, and CCPA?

    Yes. Google Consent Mode v2 is jurisdiction-agnostic — it signals consent state to Google tags regardless of which privacy law triggered the consent decision. CookieFácil fires the correct GCM v2 signals (ad_storage, analytics_storage, ad_user_data, ad_personalization) based on the visitor's choices under any of the three laws.

  • How does CookieFácil handle different consent rules for different countries?

    CookieFácil applies the strictest applicable rule globally by default — opt-in consent required before any non-essential script fires, regardless of visitor location. This satisfies LGPD and GDPR for all visitors. For CCPA, the opt-in model exceeds what is legally required for California residents, so compliance is maintained with a single configuration.

  • Can one consent log satisfy LGPD, GDPR, and CCPA audit requirements?

    Yes. CookieFácil's consent log records: timestamp, consent decision (accept/reject/custom), categories consented to, banner version, and pseudonymized visitor identifier. This single log satisfies ANPD audit requirements (LGPD), EU DPA audit requirements (GDPR), and CPPA documentation requirements (CCPA) in one place.
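
The log fields listed in the last answer, and the "tamper-proof" log property claimed in the LGPD section, can be illustrated with a hash-chained consent record. This is an added example, not CookieFácil's code: the page does not say how its logs are protected, and the field names, the HMAC pseudonymization, and the chaining scheme below are assumptions.

```javascript
// Added example, not CookieFácil's implementation: field names, HMAC
// pseudonymization and the hash chain are assumptions for illustration.
const crypto = require("node:crypto");
const GENESIS = "0".repeat(64); // prevHash of the first entry

// Keyed hash, so the raw visitor identifier is never written to the log.
function pseudonymize(visitorId, secret) {
  return crypto.createHmac("sha256", secret).update(visitorId).digest("hex");
}

// Hash over a fixed field order so verification is reproducible.
function entryHash(e) {
  const body = JSON.stringify([e.timestamp, e.decision, e.categories,
    e.bannerVersion, e.visitor, e.prevHash]);
  return crypto.createHash("sha256").update(body).digest("hex");
}

function appendConsent(log, rec, secret) {
  if (!["accept", "reject", "custom"].includes(rec.decision)) {
    throw new Error("unknown consent decision: " + rec.decision);
  }
  const entry = {
    timestamp: rec.timestamp,
    decision: rec.decision,
    categories: [...rec.categories].sort(),
    bannerVersion: rec.bannerVersion,
    visitor: pseudonymize(rec.visitorId, secret),
    prevHash: log.length ? log[log.length - 1].hash : GENESIS,
  };
  entry.hash = entryHash(entry);
  log.push(entry);
  return entry;
}

// Index of the first entry that fails verification, or -1 if the chain is intact.
function verifyLog(log) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    if (log[i].prevHash !== prev || entryHash(log[i]) !== log[i].hash) return i;
    prev = log[i].hash;
  }
  return -1;
}

// Constructed sample records (not real visitor data).
const SAMPLE = [
  { timestamp: "2025-01-01T12:00:00Z", decision: "reject", categories: [], bannerVersion: "v3", visitorId: "visitor-a" },
  { timestamp: "2025-01-01T12:05:00Z", decision: "custom", categories: ["marketing", "analytics"], bannerVersion: "v3", visitorId: "visitor-b" },
];
```

A chain like this only makes edits detectable if the latest hash is also kept somewhere the log's writer cannot change; anyone able to rewrite the whole log can recompute every hash.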